Bug 1404454 - use about:blank as the inital page of the testing iframe. r?dragana
In our test script we set the unload handler on the inner iframe earlier than the page is loaded, therefore it pass the origin check since the contentWindow object is for about:blank.
Security error will raise if the OnStartRequest for that iframe is received beforehand.
Use about:blank can guarantee to have same-origin window on the inner iframe.
MozReview-Commit-ID: 8AiwGIfoF4
--- a/netwerk/test/mochitests/test_1396395.html
+++ b/netwerk/test/mochitests/test_1396395.html
@@ -2,17 +2,17 @@
<!-- vim: set shiftwidth=2 tabstop=2 autoindent cindent expandtab: -->
<html>
<!-- Any copyright is dedicated to the Public Domain.
- http://creativecommons.org/publicdomain/zero/1.0/ -->
<head>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
</head>
<body>
- <iframe id="f" src="http://example.com"></iframe>
+ <iframe id="f" src="about:blank"></iframe>
<script type="text/javascript">
SimpleTest.waitForExplicitFinish();
var script = SpecialPowers.loadChromeScript(() => {
const Ci = Components.interfaces;
const Cc = Components.classes;
const Cu = Components.utils;
Cu.import('resource://gre/modules/Services.jsm');
@@ -31,16 +31,17 @@ var script = SpecialPowers.loadChromeScr
sendAsyncMessage('start-test');
});
script.addMessageListener('start-test', () => {
const iframe = document.getElementById('f');
iframe.contentWindow.onunload = function () {
+ info('initiate sync XHR during the page loading');
xhr = new XMLHttpRequest();
xhr.open('GET', window.location, false);
xhr.send(null);
ok(true, 'complete without crash');
script.destroy();
SimpleTest.finish();
}